Notified: October 15, 2001 Updated: October 15, 2001
Affected
The cause of the arbitrary code execution bug in webodex is the library adodb written by John Lim. Webodex uses an older version of this library as the webodex is essentially "mothballed". A new version of adodb is available that plugs this bug and i will be updating webodex late this evening.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: October 16, 2001
Affected
From the Change log: "1.12 6 June 2001 Changed $ADODB_DIR to ADODB_DIR constant to plug a security loophole."
The vendor has not provided us with any further information regarding this vulnerability.
John Lim wrote ADODB which was vulnerable to this problem.
Notified: October 15, 2001 Updated: October 17, 2001
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Marc Logemann wrote More.groupware which is reported to be vulnerable.
Notified: October 15, 2001 Updated: October 16, 2001
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Miro Construct Pty Ltd produces Mambo Site Server. Versions earlier than 3.0.5 are vulnerable. This is fixed in 3.0.6.
Notified: October 15, 2001 Updated: October 22, 2001
Affected
Corrected in release zorbstats 0.9
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.